From 6ddb4753c62fd08f4da71a5d1bd4222de492a331 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Fri, 22 Sep 2017 04:04:00 +0200
Subject: tools: use key_is_zero for comparing to zeros

Maybe an attacker on the system could use the infoleak in /proc to gauge how long a wg(8) process takes to complete and determine the number of leading zeros. This is somewhat ridiculous, but it's possible somebody somewhere might at somepoint care in the future, so alright.
---
 src/tools/config.c | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

(limited to 'src/tools/config.c')

diff --git a/src/tools/config.c b/src/tools/config.c
index 2f61d5b..af74bda 100644
--- a/src/tools/config.c
+++ b/src/tools/config.c
@@ -387,17 +387,11 @@ bool config_read_init(struct config_ctx *ctx, struct wgdevice **device, bool app
 return true;
 }
-static inline bool key_is_valid(uint8_t key[WG_KEY_LEN])
-{
- static const uint8_t zero[WG_KEY_LEN] = { 0 };
- return !!memcmp(key, zero, WG_KEY_LEN);
-}
-
 bool config_read_finish(struct config_ctx *ctx)
 {
 size_t i;
 struct wgpeer *peer;
- if (ctx->buf.dev->flags & WGDEVICE_REPLACE_PEERS && !key_is_valid(ctx->buf.dev->private_key)) {
+ if (ctx->buf.dev->flags & WGDEVICE_REPLACE_PEERS && key_is_zero(ctx->buf.dev->private_key)) {
 fprintf(stderr, "No private key configured\n");
 goto err;
 }
@@ -405,7 +399,7 @@ bool config_read_finish(struct config_ctx *ctx)
 ctx->buf.dev->flags |= WGDEVICE_REMOVE_FWMARK;
 for_each_wgpeer(ctx->buf.dev, peer, i) {
- if (!key_is_valid(peer->public_key)) {
+ if (key_is_zero(peer->public_key)) {
 fprintf(stderr, "A peer is missing a public key\n");
 goto err;
 }
--
cgit v1.2.3-59-g8ed1b
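Review bot: The timing rationale given in the commit message holds only if key_is_zero examines every byte of the key without an early exit, and its definition is not in this hunk, so the new private-key check in config_read_finish should say why the helper is used instead of a plain comparison, e.g. `/* key_is_zero is constant-time; memcmp would leak the position of the first nonzero byte via timing */`. The removed key_is_valid is exactly that memcmp-based early-exit comparison, which is presumably the data-dependent path being eliminated. The same substitution appears in the second hunk for peer->public_key and would be covered by the one comment. If memcmp has no remaining callers in config.c after this change, the now-unused string.h include (not visible here) could be dropped; the body of config_read_finish continues outside both hunks.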